Web Site Client Access Policy File Detection

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a 'clientaccesspolicy.xml' file.

Description :

The remote web server contains a client access policy file. This is a
simple XML file used by Microsoft Silverlight to allow access to
services that reside outside the exact web domain from which a
Silverlight control originated.

See also :


Solution :

Review the contents of the policy file carefully. Improper policies,
especially an unrestricted one with just '*', could allow for cross-
site request forgery or other attacks against the web server.

Risk factor :


Family: CGI abuses

Nessus Plugin ID: 72427

Bugtraq ID:

